We use encryption to keep our sensitive data safe and secure. We take a plaintext message and encrypt it with a strong encryption key to produce the ciphertext. The goal is that an adversary who does not know the secret key should not be able to recover the secret plaintext message from the ciphertext. But no modern encryption algorithm is absolutely secure. Attackers often manage to extract meaningful information about the plaintext message from the ciphertext. Entropic security is a definition that indicates how difficult it is for an attacker who does not know the secret key to extract meaningful information about the plaintext from the ciphertext.
What is entropy in cryptography?
In cryptography, a cryptosystem is said to be semantically secure if it is computationally infeasible for an attacker to extract any knowledge of the plaintext based on the ciphertext and its length.
Some encryption schemes, such as RSA without encryption padding, many block ciphers used in Electronic Codebook (ECB) mode, and block ciphers used with a constant initialization vector, cannot be called semantically secure. They always produce the same ciphertext for a given plaintext and key, no matter how many times the encryption is repeated. So, an attacker can run statistical analysis on the ciphertext and learn a good deal about the plaintext.
Entropic security of an encryption scheme is similar to semantic security when the message space has a highly entropic distribution. In other words, an encryption algorithm is said to be entropically secure if it is computationally infeasible for an adversary to extract any information about the plaintext from the corresponding ciphertext.
In Information Theory, entropy measures the unpredictability of information contained in a message. In other words, it is the expected value of the information contained in each message. Randomness measures uncertainty in an outcome and is thus applied to the concept of information entropy.
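The repeated-ciphertext leak and the entropy measure described above, as an added example that is not part of the original article. It assumes HMAC-SHA256 in counter mode as a stand-in for a block cipher, and the message list is constructed sample data.

```python
import hashlib
import hmac
import math
import secrets
from collections import Counter


def keystream(key, iv, length):
    """Counter-mode keystream from HMAC-SHA256 used as a PRF (stand-in for a block cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext, iv=None):
    """Return iv || ciphertext. A caller-supplied iv models the constant-IV mistake."""
    if iv is None:
        iv = secrets.token_bytes(16)  # fresh random IV for every message
    ks = keystream(key, iv, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def shannon_entropy(items):
    """Shannon entropy, in bits, of the empirical distribution of items."""
    counts = Counter(items)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def observe(messages, constant_iv):
    """What a passive observer without the key sees: the ciphertexts only."""
    key = secrets.token_bytes(32)
    iv = bytes(16) if constant_iv else None
    return [encrypt(key, m, iv) for m in messages]


# Constructed sample traffic: a small, heavily skewed (low-entropy) message space.
MESSAGES = [b"HOLD"] * 6 + [b"SELL"] + [b"BUY!"]

if __name__ == "__main__":
    print("plaintext entropy: %.3f bits" % shannon_entropy(MESSAGES))
    for constant in (True, False):
        cts = observe(MESSAGES, constant)
        print("constant IV" if constant else "random IV  ",
              "| distinct ciphertexts:", len(set(cts)),
              "| ciphertext entropy: %.3f bits" % shannon_entropy(cts))
```

With the constant IV the ciphertext histogram is identical to the plaintext histogram, so the observer can tell which message is the common one without the key; with a random IV every ciphertext is distinct and the histogram carries no such signal.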
How does entropy improve security?
Modern cryptosystems rely heavily on randomly generated keys. We randomly generate a secret key and encrypt data using that key.
For example, in SSL communications, we generate a very large random number and utilize that to encrypt the communication. These random keys are generated based on specific information from some predefined sources. From some specific sources, entropy is collected and then it is utilized to generate the …